Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Three years ago, companies that wanted to exchange information on the latest cyber-threats needed to belong to one of several exclusive clubs, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), Microsoft's Active Protections Program (MAPP) or the Anti-Virus Information Exchange Network (AVIEN).

Since then, new information-sharing tools and networks have emerged to allow businesses to exchange attack information with other companies. In September 2013, for example, Hewlett-Packard launched a threat-intelligence sharing environment, dubbed Threat Central, which allows its customers to upload threat data and share it with other subscribers.

While each provider has a different goal for their platform, the offerings allow business customers to gain intelligence and share information on threats, usually in machine-readable format that speeds their response to attacks, Jerry Bryant, lead security strategist for the Microsoft Security Response Center (MSRC), told eWEEK. Defenders need to counter attackers' ability to quickly share information on network weaknesses, he said.

Further reading

"I don't think that attackers are that much better at sharing information," Bryant said. "This is less about attackers sharing information amongst themselves, and more about countering their level of automation."

On June 23, Microsoft launched its own threat-intelligence sharing environment, known as Interflow. The platform allows cyber-security specialists and analysts to create communities of peers and exchange machine-readable threat information using a variety of open specifications.

Interflow supports the Structured Threat Information Expression (STIX) format, Trusted Automated Exchange of Indicator Information (TAXII) protocol, and Cyber Observable Expression standards (CyBOX), according to Microsoft. Currently, the platform is open only to a few customers as a private preview and eventually to all members of the Microsoft Active Protections Program (MAPP).

Such programs could be used as a way to lock customers into using a specific vendor's security platform, but Microsoft sees the creation of these platforms as a way for security providers to execute better, not create walled communities around their data.

"Years ago, AV [antivirus] firms used to compete on the size of their malware databases," Bryant said. "But companies need to stop competing on the data that they have and compete more on the execution. As an industry, we are not going to get ahead of the threat landscape by using these siloed models and competing on the data."

Whether the platforms openly share information across the broader security community remains to be seen. Yet, having generalized platforms can help industries create tight communities that can share threat information between security teams, he said

The focus on interoperable formats could help create such communities more easily. In addition, he said, the push for faster exchange of machine-readable information could speed response to incidents much more quickly.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.